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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MO NTH (S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 10/26/2006 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-13 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEI Claim(s) 1-13 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) Q The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 185(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or(f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Response to Amendment 

1 . Applicant's arguments filed on October 26, 2005 have been considered but are not 
persuasive. 

• Claims 1-13 are presented for examination. 

Response to Arguments 



2. In page 9, second paragraph, Applicant argues that "there is no teaching or suggestion in 
Provino of a user connecting to another communication device that is out side of a VPN (to 
which the user is already connected) and using an identifier of the connected-to VPN as logical 
identifier to facilitate sending messages to and receiving messages from the communication 
device." It is noted that the features upon which applicant relies are not recited in the rejected 
claim(s). Although the claims are interpreted in light of the specification, limitations from the 
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 
USPQ2d 1057 (Fed. Cir. 1993). 

In response to Applicant's arguments in page 10, that "There is no reference in Provino that the 
predetermined integer address is somehow related to an identifier of an already connected-to 
VPN network, or that the secure tunnel is correlated to or refers to an identifier of an already 
connected-to VPN network." Examiner notes that Provino teaches a Virtual private network 15 
that comprises any of the devices 12(m') (m'.apprxeq.m) (thereby connecting to the Internet 14 
through an ISP) or 13 (thereby connecting directly to the Internet 14). " the virtual private 
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network 15 will be assumed to comprise a device 13. The virtual private network 15 itself 
includes a plurality of devices, identified herein as a firewall 30, a plurality of servers 31(1) 
through 31 (S) (generally identified by reference numeral 3 1 (s)) and a nameserver 32, all 
interconnected by a communication link 33." (Col. 6, lines 6-28). Further, Provino teaches a 
secure message packet processor to facilitate the establishment and use of a "secure tunnel, 
between the device 12(m) and another device 12 (m') (m'.apprxeq.m) or 13. "Generally, in a 
secure tunnel, information in at least the data portion of message packets transferred between 
device 12(m) and a specific other device 12(m') (m'.apprxeq.m) or 13 is maintained in secret by, 
for example, encrypting the data portion prior to transmission by the source device. Information 
in other portions of such message packets may also be maintained in secret, except for the 
information that is required to facilitate the transfer of the respective message packet between the 
devices, including, for example, at least the destination information, so as to allow the Internet's 
switching nodes and ISP's to identify the device that is to receive the message packet." Col. 5, 
lines 43-59). Since authorized external devices connect the VPN network via a logical channel 
as shown in fig. 1, and communication happens via established secure tunnel (already connected 
user), it is inherent that the established connection of device 12(m) uses an identified and 
recognized/approved logical connection (via tunneling protocol), where the firewall 30 receives 
a message packet from the device 12(m) over the secure tunnel and transfers the message packet 
to the device in the private network over the communication link 33. (col. 5, lines 43-65. see also 
col. 12, lines 1-40 and col. 9, lines 46 to col. 10, line 33). 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre- AIPA 
35 U.S.C. 102(e)). 

3. Claims 1-13 are rejected under 35 U.S.C. 102(e) as being anticipated by Provino (U.S. 
Patent Number 6557037). 



As per claim 1,8-12, Provino teaches a method for enabling a user registered in an Network 
Access Server as already connected to a host Virtual Private Network (authorized users 12m'=m 
connected VPN 15 via ISP 1 1) to communicate with at least one communication device outside 
of said host Virtual Private Network (communicate devices 13 or server 32 col. 5, lines 43 to col. 
6, line 28), said Network Access Server having access over a data communication network 
(internet 14) to said communication device and to a plurality of Virtual Private Networks 
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including said host Virtual Private Network (network 1 5 and other private networks connected to 
internet 14, fig. 1 col. 6, 43-65), where said method comprises; 

detecting a message being sent from said user and to said communication device while said user 
is currently connected to said host Virtual Private Network (receiving a message destined to 
devices in the private network by firewall 30 via the secure tunnel col. 5, lines 43-65. see also 
col. 12, lines 1-40 and col. 9, lines 46 to col. 10, line 33).; directing said message to a logical 
channel between said Network Access Server and said communication device (see logical 
channel 41,41 43 ; 44 col. 3, lines 38-46 and col. 4, lines 23-65 and col. 9, lines 46 to col. 10, 
line 33).), wherein said logical channel has, as a logical identifier, an identifier of said host 
Virtual Private Network to which said user currently connected (secure channel is established 
between device 12(m) and device within VPN network 15 col. 9, lines 6-65. The transferred 
message packet contains header portion that identifies the source and destination address. 
Because authorized external devices connect the VPN network via a logical channel as shown in 
fig. 1, it is inherent that the established connection of device 12(m) uses an identified and 
recognized/approved logical connection (via tunneling protocol) (col. 3, line 59 to col. 4, lines 14 
and col. 5, lines 43-65. see also col. 12, lines 1-40). 

As per claim 2-3, Pro vino teaches the invention comprising: 

detecting a message from said communication device being received at said Network 
Access Server on the logical channel having , as logical channel identifier , the identifier of a 
Virtual Private Network, said message containing a user destination address (The transferred 
message packet contains header portion that identifies the source and destination address col. 3, 
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line 59 to col. 4, lines 14 and col. 5, lines 43-65. see also col. 9, lines 46 to col. 10, line 33 and 
col. 12, lines 1-40); determining a user registered in said Network Access Server as already 
connected to said Virtual Private Network and corresponding to said destination address 
(authorized user access the VPN network col. 9, lines 46-65); and forwarding said message from 
said Network Access Server to said user (col. 5, lines 1-59). 

As per claim 4, Provino teaches the method according to claim 1, wherein said messages 
belonging to the communication between said user and said communication device are 
encapsulated in data packets, said data packets comprising a field containing said identifier of 
said host Virtual Private Network or an indication derived of said identifier (col. 3, lines 1-9 and 
col. 5, lines 1-59). 

As per claim 5, Provino teaches the method according to claim 4, wherein said messages 
belonging to the communication between said user and said communication device are sent over 
a tunnel, wherein said tunnel has, as a tunnel identifier, said identifier of said host Virtual Private 
Network as tunnel identifier (to establish a secure tunnel one must use identifiers of the 
connected entities fig. 1 and col. 5, lines 43-59 ; col. 12, lines 1-40 and col. 9, lines 46 to col. 10, 
line 33). 

As per claim 6, Provino teaches the method according to claim 1, wherein said messages contain 
IP packets comprising an IP address of said user (col 3, lines 62 to col. 4, line 14). 
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As per claim 7, Provino teaches the method according to claim 1, wherein said communication 
device is a server belonging to a Virtual Private Network, called local Virtual Private Network, 
associated to said Network Access Server and different from said host Virtual Private Network 
(col. 9, 6-45 and col. 11, lines 46 to col. 12, line 16. 

As per claim 13, Provino teaches forwarding engine that forwards message from logical 
controller to said user after user has been identified (col. 9, lines 32-65). 

Conclusion 

1. ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

The prior made of record and not relied upon is considered pertinent to applicant's * 
disclosure. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Yasin Barqadle whose telephone number is 571-272-3947. The 
examiner can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenn Burgess can be reached on 571-272-3949. The fax phone numbers for the 
organization where this application or proceeding is assigned are 703-872-9306 for regular 
communications and 703-746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained form the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either private PAIR or public PAIR system. Status information for 
unpublished applications is available through private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
YB 
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